Mass excitement this week: Plenty to triage and even more to talk about with WiX's first security update. With a little luck, we have some nice boring weeks ahead of us.

WiX v3.10.2 update

With January's Patch Tuesday behind us, our agreement with MSRC to not disclose a Windows vulnerability has lapsed. The Windows vulnerability can be manifested with a Burn bundle—as well as with almost every other installation engine and self-extractor available—in a way that is potentially serious. Because Burn gets elevation right—by elevating only when necessary, not up-front and always—it's harder for malware to get elevated privileges but of course, even being able to execute code as the user could be significant. Therefore, FireGiant committed the time to make a series of mitigations in Burn against this Windows vulnerability and release it as WiX v3.10.2 as soon as possible.

Error during installation #5180 reported an error installing WiX v3.10 on Windows 7 Enterprise. We've had vague reports of problems with Windows 7 Enterprise before but have never narrowed them down to OS configuration, antivirus, or other, so we asked for logs in the hopes we'll decipher a root cause.

Loose file support in Burn? #5182 harkened back to a thread on wix-users in 2012 about Burn supporting loose files in a bundle. It does but doesn't support those files changing after the bundle is built—the file hashes change and fail validation during installation.

Unicode hyphen is not accepted as the start of an option on Wix 3.10 heat.exe #5183 requests that "the" Unicode hyphen be supported as a command-line switch marker. It turns out there are at least seven Unicode characters that qualify: hyphen, non-breaking hyphen, figure dash, en dash, em dash, horizontal bar, minus sign. I'm not sure we want to add all of those, but we said we'd take a look if someone wanted to do the work.

IBootstrapperEngine::SetDownloadSource requires non-const strings #5185 is an issue I opened when I discovered that the IBootstrapperEngine::SetDownloadSource bootstrapper application interface method takes LPWSTR arguments when it should be taking LPCWSTR arguments because the function never modifies the strings. We decided it was safe to take this change in WiX v3.x because someone already supplying a non-const string wouldn't be broken by the parameter type changing to const.

About FireGiant

Now you can install with confidence. FireGiant arms you with accurate support from the creators of WiX. Because there are no questions we can't answer or problems we can't solve, you can unleash the full functionality of WiX without a doubt.

At FireGiant, we provide dedicated support for WiX, so you can be confident in your decision to use this robust toolset. Why? Because we are the creators of WiX. And that means you'll always receive accurate answers, timely troubleshooting, and the support you need to successfully unleash its functionality.

After all, when it comes to installations, one thing is certain: They must work. And with help from FireGiant, they will. Period.